Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Apple Releases Security Updates for MacOS, iOS, and Safari

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Google Redirect Virus

Started by jesse2007 , Sep 06 2010 11:21 AM

This topic is locked

2 replies to this topic

#1 jesse2007

Members
8 posts
OFFLINE

Local time:07:04 PM

Posted 06 September 2010 - 11:21 AM

Hello. I am having issues with a Google Redirect Virus in Mozilla Firefox 3.6.8. I am running Windows 7 64-bit edition on my laptop. The symptoms are varied as the search engine will work perfectly sometimes and other times direct me to sites such as infomash.com and scour.com.

This is the DDS log

DDS (Ver_10-03-17.01) - NTFSX64
Run by jesse at 12:18:12.01 on Mon 09/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3956.2270 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\alg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\3RVX\3RVX.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\quietHDD_v1.5-build250\quietHDD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Users\jesse\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=27360410h006l0478z195t4441d99p
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=27360410h006l0478z195t4441d99p
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=27360410h006l0478z195t4441d99p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=27360410h006l0478z195t4441d99p
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files (x86)\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [3RVX] c:\program files (x86)\3rvx\3RVX.exe
uRun: [googletalk] c:\program files (x86)\google\google talk\googletalk.exe /autostart
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files (x86)\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LManager] c:\program files (x86)\launch manager\LManager.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TaskTray]
StartupFolder: c:\users\jesse\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jesse\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quieth~1.lnk - c:\program files (x86)\quiethdd_v1.5-build250\quietHDD.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Translate with ATLAS - c:\program files (x86)\atlas v14\Atlscript.html
IE: ATLAS Translation &Editor - c:\program files (x86)\atlas v14\AtlscriptEdit.html
IE: Download all links with IDM - c:\program files (x86)\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun-x64: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jesse\appdata\roaming\mozilla\firefox\profiles\qzs8tsyg.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\users\jesse\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\jesse\appdata\roaming\mozilla\firefox\profiles\qzs8tsyg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\jesse\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\jesse\appdata\roaming\mozilla\firefox\profiles\qzs8tsyg.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
FF - plugin: c:\users\jesse\desktop\opera1010usb\program\plugins\nppl3260.dll
FF - plugin: c:\users\jesse\desktop\opera1010usb\program\plugins\nprpjplug.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {0283AD9D-923E-4962-8CAE-97C76482C77C} - c:\users\jesse\appdata\local\{0283AD9D-923E-4962-8CAE-97C76482C77C}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-8-5 55280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-9 121936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-3 203264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-9 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-9 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2010-4-9 19432]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-2-19 844320]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-11-2 13784]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-3 7451648]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-3 268288]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-11-4 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-10 158720]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-7-30 406056]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 143464]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore64.exe" --> c:\program files\superantispyware\SASCORE64.EXE [?]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-8-26 20968]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools64.sys [2010-4-10 47160]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-7-22 40448]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-8-5 13312]
S3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-4-9 1153368]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-10 1255736]
S4 Greg_Service;GRegService;c:\program files (x86)\acer\registration\greghsrw.exe --> c:\program files (x86)\acer\registration\GregHSRW.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-9 135664]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\sitead~1\mcsacore.exe --> c:\progra~2\mcafee\sitead~1\mcsacore.exe [?]
S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2009-11-4 2320920]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-11-4 240160]

=============== Created Last 30 ================

2010-09-06 16:11:42 20 ----a-w- c:\users\jesse\defogger_reenable
2010-09-06 16:04:57 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-09-06 13:56:52 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-09-06 13:45:49 0 d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2010-09-06 13:23:53 0 d-----w- c:\program files (x86)\Eidos
2010-09-05 14:25:49 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-09-05 14:22:07 0 d-----w- c:\program files (x86)\edit
2010-09-05 13:58:40 731106 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-09-05 13:02:06 0 d-----w- c:\program files (x86)\Mafia 2
2010-09-01 23:38:03 0 d-----w- c:\windows\syswow64\RTCOM
2010-09-01 23:28:11 0 d-----w- c:\windows\Sacred 2 Ice And Blood
2010-09-01 23:28:11 0 d-----w- c:\program files (x86)\Sacred 2 Ice And Blood
2010-09-01 03:40:21 0 d-----w- c:\users\jesse\appdata\roaming\WB Games
2010-09-01 03:26:29 0 d-----w- c:\program files (x86)\WB Games
2010-09-01 02:32:46 0 d-----w- c:\windows\Internet Logs
2010-09-01 02:24:38 502256 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 02:23:56 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-08-30 22:32:39 0 d-----w- c:\program files (x86)\StepMania4
2010-08-30 22:32:20 1990 ----a-w- c:\windows\Sandboxie.ini
2010-08-30 22:32:11 0 d-----w- c:\program files\Sandboxie
2010-08-30 04:29:33 0 d-----w- c:\program files\Logitech
2010-08-30 01:34:38 0 d-----w- c:\program files\ATI
2010-08-30 01:33:56 0 d-----w- c:\program files\ATI Technologies
2010-08-30 01:32:37 0 d-----w- C:\ATI
2010-08-30 01:17:34 0 d-----w- c:\programdata\ATI
2010-08-29 19:28:48 0 d-----w- c:\users\jesse\appdata\roaming\Debate Synergy
2010-08-29 04:14:16 0 d-----w- c:\program files (x86)\iPhoneBrowser
2010-08-29 04:04:40 0 d-----w- c:\program files (x86)\Phone Disk
2010-08-29 04:01:57 0 d-----w- c:\users\jesse\appdata\roaming\EurekaLog
2010-08-29 04:01:50 0 d-----w- c:\program files (x86)\iPhone PC Transfer
2010-08-29 03:45:37 0 d-----w- c:\users\jesse\appdata\roaming\DiskAid
2010-08-29 03:45:33 0 d-----w- c:\program files (x86)\DigiDNA
2010-08-28 00:28:13 0 d-----w- c:\users\jesse\appdata\roaming\Dropbox
2010-08-27 00:53:03 0 d-----w- C:\AMD
2010-08-26 21:22:59 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x64.sys
2010-08-24 19:53:38 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 19:53:38 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-23 22:42:52 0 d-----w- c:\program files (x86)\psx emulation cheater
2010-08-23 19:54:53 0 d-----w- c:\users\jesse\appdata\roaming\QuickScan
2010-08-23 19:52:00 47104 --sha-w- c:\users\jesse\Thumbs.db
2010-08-23 04:02:26 20 --sh--w- c:\users\jesse\ntuser.ini
2010-08-23 00:06:25 0 d-----w- c:\program files (x86)\Delta
2010-08-22 22:27:30 251652 ----a-w- C:\MGlogs.zip
2010-08-22 14:08:51 0 d-----w- C:\MGtools
2010-08-22 14:08:50 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-22 14:08:48 0 d-----w- c:\programdata\!SASCORE
2010-08-22 13:50:32 0 d-----w- c:\users\jesse\appdata\roaming\CheckPoint
2010-08-22 13:50:01 0 d-----w- c:\program files (x86)\Conduit
2010-08-22 13:49:51 0 d-----w- c:\program files\CheckPoint
2010-08-22 13:49:19 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2010-08-22 13:48:51 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2010-08-22 13:48:21 0 d-----w- c:\programdata\CheckPoint
2010-08-19 15:18:25 334 --sha-w- c:\windows\setup_9.0.0.722_19.08.2010_13-44drv.spi
2010-08-19 15:06:32 0 d-----w- c:\programdata\Kaspersky Lab
2010-08-19 14:50:24 0 d-----w- c:\program files (x86)\MP3 Splitter & Joiner Pro
2010-08-19 14:40:12 668 ----a-w- c:\windows\Mp3CutterJoiner.ini
2010-08-19 14:39:24 5 ----a-w- c:\windows\syswow64\SySMP3CutJoin.dat
2010-08-19 14:33:10 0 d-----w- c:\program files (x86)\Cool MP3 Splitter
2010-08-19 02:51:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-08-19 02:41:16 0 d-----w- c:\windows\WindowsMobile
2010-08-18 15:45:40 0 d-----w- c:\users\jesse\appdata\roaming\Malwarebytes
2010-08-15 02:58:00 0 d-----w- C:\RALINK
2010-08-14 15:11:25 0 d-----w- C:\Dell
2010-08-13 19:30:47 0 d-----w- C:\Nexon
2010-08-13 19:03:18 0 d-----w- c:\programdata\PMB Files
2010-08-13 19:03:09 0 d-----w- c:\program files (x86)\Pando Networks
2010-08-12 12:59:08 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 12:59:08 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 12:59:08 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-12 12:59:07 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 12:59:07 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 12:59:03 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 12:59:02 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 12:59:01 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-08-12 12:59:00 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-08-11 19:02:13 0 d-----w- c:\program files (x86)\ATI Technologies
2010-08-11 18:40:16 0 d-----w- c:\program files (x86)\Phyxion.net
2010-08-11 15:16:59 0 d-----w- c:\program files (x86)\Aspyr
2010-08-11 14:59:34 0 d-----w- c:\users\jesse\appdata\roaming\atitray
2010-08-10 15:40:34 0 d--h--w- c:\users\jesse\Zero G Registry
2010-08-10 15:30:04 0 d--h--w- c:\program files (x86)\Zero G Registry
2010-08-10 15:30:04 0 d-----w- c:\program files (x86)\Visual Thesaurus 3
2010-08-10 15:29:22 0 ----a-w- c:\windows\syswow64\.pvte
2010-08-10 15:29:21 0 d--h--w- c:\users\jesse\InstallAnywhere
2010-08-08 23:44:04 0 d-----w- c:\programdata\PopCap Games
2010-08-07 19:52:44 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-07 19:52:44 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-08-07 19:52:44 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-08-07 19:52:10 0 d-----w- c:\program files\iPod
2010-08-07 19:52:09 0 d-----w- c:\program files\iTunes
2010-08-07 19:14:28 43520 ----a-w- c:\windows\syswow64\libusb0.dll

==================== Find3M ====================

2010-08-30 04:30:09 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-08-07 19:46:59 119616 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-06 03:02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
2010-08-04 02:22:36 7451648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-04 02:07:12 20817408 ----a-w- c:\windows\system32\atio6axx.dll
2010-08-04 01:55:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 01:54:50 519680 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-08-04 01:54:00 598528 ----a-w- c:\windows\system32\aticfx64.dll
2010-08-04 01:52:04 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:51:54 461824 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 01:51:20 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 01:50:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-08-04 01:49:56 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-08-04 01:49:50 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-08-04 01:49:48 15845888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-08-04 01:49:40 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-08-04 01:49:36 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 01:49:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-08-04 01:49:26 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-08-04 01:46:32 3899392 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-08-04 01:37:46 4554240 ----a-w- c:\windows\system32\atidxx64.dll
2010-08-04 01:28:30 3077120 ----a-w- c:\windows\system32\atiumd6a.dll
2010-08-04 01:28:26 4021760 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-08-04 01:26:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-08-04 01:26:00 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-08-04 01:25:54 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-08-04 01:25:50 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-08-04 01:25:42 5394432 ----a-w- c:\windows\system32\aticaldd64.dll
2010-08-04 01:24:34 4341248 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-08-04 01:23:46 56832 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 01:22:34 5167104 ----a-w- c:\windows\system32\atiumd64.dll
2010-08-04 01:21:38 3324416 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-08-04 01:16:14 337920 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:16:06 241664 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-08-04 01:15:58 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-08-04 01:15:54 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-08-04 01:15:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 01:15:52 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-08-04 01:15:48 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-08-04 01:15:44 268288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-04 01:15:08 39424 ----a-w- c:\windows\system32\atiuxp64.dll
2010-08-04 01:15:02 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-08-04 01:14:56 36864 ----a-w- c:\windows\system32\atiu9p64.dll
2010-08-04 01:14:48 27648 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-08-04 01:14:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-04 01:09:28 54784 ----a-w- c:\windows\system32\atimpc64.dll
2010-08-04 01:09:28 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2010-08-04 01:09:22 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-08-04 01:09:22 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-07-30 23:36:14 406056 ----a-w- c:\windows\system32\drivers\k57nd60a.sys
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-28 22:26:12 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-07-28 22:26:12 2032232 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-07-28 22:26:00 2445672 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-07-28 22:26:00 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-07-28 22:25:48 476264 ----a-w- c:\windows\system32\RtkApi64.dll
2010-07-28 22:25:48 2618984 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-07-28 22:25:48 1213544 ----a-w- c:\windows\system32\RTCOM64.dll
2010-07-28 22:25:38 76904 ----a-w- c:\windows\system32\RCoInst64.dll
2010-07-28 22:25:38 372328 ----a-w- c:\windows\system32\RCoRes64.dat
2010-07-27 17:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-22 20:48:58 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2010-07-22 20:48:50 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2010-07-22 20:48:44 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2010-07-22 20:48:26 74064 ----a-w- c:\windows\syswow64\SFCOM.dll
2010-07-22 20:37:14 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2010-07-06 15:48:02 1756160 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2010-07-05 12:37:06 33792 ----a-w- c:\windows\syswow64\dokan.dll
2010-07-01 17:44:48 123104 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2010-07-01 17:44:44 124128 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2010-07-01 17:44:42 124128 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57:12 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-06-27 21:14:24 334848 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 13:22:56 219348 ----a-w- c:\windows\system32\atiicdxx.dat
2010-06-15 22:28:58 2857 ----a-w- c:\windows\syswow64\atipblag.dat
2010-06-15 22:28:58 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-06-12 15:40:45 107832 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-06-12 15:40:36 2506752 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-06-12 15:27:06 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-05-02 22:59:01 87552 --sh--w- c:\windows\syswow64\h4x0r.dll
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:19:46.77 ===============

Attached Files

Attach.zip 3.54KB 3 downloads

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:01:04 AM

Posted 13 September 2010 - 12:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

Back to top

#3 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:01:04 AM

Posted 27 September 2010 - 07:13 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti